Sorry for mis-reading your email.

If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it!

But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round?

I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem.

Matt

> -----Original Message-----
> From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
> Sent: 20 July 2004 15:40
> To: 'Tomcat Users List'
> Subject: RE : how to access Subject after authentification
>
> Thanks Matt!
> My problem is that I have to call EJB deployed in Weblogic application server
> from servlet components. I use the weblogic api to propagate the security
> information from tomcat to WLS. This api uses the subject! Thus it is
> necessary that I can reach it.
>
> -----Original Message-----
> From: Matt Harrison [mailto:[EMAIL PROTECTED]
> Sent: Tuesday 20 July 2004 15:59
> To: 'Tomcat Users List'
> Subject: RE: how to access Subject after authentification
>
> Hi
>
> I had a similar question a while back and never really got it fully
> resolved, but I found that Tomcat doesn't save the subject as a session
> attribute.
>
> However in your case you don't need to access the subject. In the web.xml
> file for your app, you can define what roles have access to each resource
> (jsp, servlet) and have your JAAS login module assign these roles to the
> subject - i.e. container managed security.
>
> e.g. add to web.xml (gives access to logins with role "user" to all of your
> application):
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>myApplication</web-resource-name>
>       <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>user</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <security-role>
>     <role-name>user</role-name>
>   </security-role>
>
> see the tomcat docs for more info
>
> Matt
>
> > -----Original Message-----
> > From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
> > Sent: 20 July 2004 14:42
> > To: '[EMAIL PROTECTED]'
> > Subject: how to access Subject after authentification
> >
> > Hi,
> >
> > I am using JAAS authentication module to authenticate user within tomcat
> > 5.0.27.
> >
> > After the authentication, I want to control access to resources (like ejb
> > deployed in weblogic application server).
> >
> > To control access, I have to use weblogic api with the Subject instance
> > delivered by authentication to tomcat.
> >
> > The problem is: how can I get the subject object? I try
> > session.getAttribute( "javax.security.auth.subject" ); but it seems that I
> > can't access this information!
> >
> > Any ideas?
> >
> > Thanks,

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
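
A sketch of the workaround Matt describes in the top message (packing the attributes needed from the Subject into the Principal's name), added here as an example and not code from the thread. The class name `PackedPrincipal`, the `;`/`=` field layout and the sample attributes are hypothetical, and Java 10+ is assumed; each field is percent-encoded so that a login name containing the separator cannot forge an extra attribute such as a role.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper: carries selected Subject attributes in a Principal name. */
public final class PackedPrincipal implements Principal {
    private final String name;

    private PackedPrincipal(String name) { this.name = name; }

    /** For the JAAS login module's commit(): percent-encode every key and
     *  value so ';' or '=' inside a username cannot start a new field. */
    public static PackedPrincipal pack(Map<String, String> attrs) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : attrs.entrySet()) {
            if (sb.length() > 0) sb.append(';');
            sb.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        return new PackedPrincipal(sb.toString());
    }

    /** For the servlet side: pass request.getUserPrincipal().getName(). */
    public static Map<String, String> unpack(String packed) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String field : packed.split(";")) {
            int eq = field.indexOf('=');
            if (eq < 1) throw new IllegalArgumentException("malformed field");
            String key = dec(field.substring(0, eq));
            // Reject repeated keys instead of letting the last one win.
            if (out.put(key, dec(field.substring(eq + 1))) != null)
                throw new IllegalArgumentException("duplicate field: " + key);
        }
        return out;
    }

    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    private static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }

    @Override public String getName() { return name; }

    public static void main(String[] args) {
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("user", "jp;role=admin"); // constructed hostile login name
        attrs.put("role", "user");
        Principal p = pack(attrs);
        System.out.println(p.getName());         // packed, separators escaped
        System.out.println(unpack(p.getName())); // role is still "user"
    }
}
```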